Vulnerability CVE-2010-0639 - CERT Civis.Net

Vulnerability Name:

CVE-2010-0639 (CCN-56293)

Assigned:

2010-02-12

Published:

2010-02-12

Updated:

2010-08-02

Summary:

The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
Per: http://cwe.mitre.org/data/definitions/476.html

'NULL Pointer Dereference'

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MISC
Type: UNKNOWN
http://bugs.squid-cache.org/show_bug.cgi?id=2858

Source: MITRE
Type: CNA
CVE-2010-0639

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-3064

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-2434

Source: OSVDB
Type: UNKNOWN
62297

Source: CCN
Type: SA38561
Squid HTCP Request Processing Denial of Service Vulnerability

Source: CCN
Type: SA38570
Squid HTCP Request Processing Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
38812

Source: CCN
Type: SECTRACK ID: 1023587
Squid HTCP Packet Processing NULL Pointer Dereference Lets Remote Users Deny Service

Source: CCN
Type: OSVDB ID: 62297
Squid htcp.cc htcpHandleTstRequest Function Crafted HTCP Request NULL Dereference DoS

Source: BID
Type: UNKNOWN
38212

Source: CCN
Type: BID-38212
Squid Web Proxy Cache HTCP Request Processing Remote Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1023587

Source: CCN
Type: SQUID-2010:2
Remote Denial of Service issue in HCTP

Source: CONFIRM
Type: Vendor Advisory
http://www.squid-cache.org/Advisories/SQUID-2010_2.txt

Source: MISC
Type: Patch
http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch

Source: MISC
Type: Patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch

Source: CCN
Type: USN-904-1
Squid vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2010-0371

Source: VUPEN
Type: Vendor Advisory
ADV-2010-0603

Source: XF
Type: UNKNOWN
squid-htcp-dos(56293)

Vulnerable Configuration:

Configuration 1:

cpe:/a:squid-cache:squid:2.0:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.2:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.5:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.6:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7:-:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:squid-cache:squid:3.0:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7:-:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7.stable4:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7.stable3:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7.stable2:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:2.7.stable1:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*

OR cpe:/a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*

AND

cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20100639	V	CVE-2010-0639	2022-05-20
oval:org.opensuse.security:def:42439	P	Security update for qemu (Important)	2022-04-20
oval:org.opensuse.security:def:31374	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:32252	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:26185	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:30284	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:29459	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:31716	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:42228	P	Security update for krb5 (Moderate)	2021-12-06
oval:org.opensuse.security:def:33049	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:31300	P	Security update for MozillaFirefox (Important)	2021-11-17
oval:org.opensuse.security:def:32214	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:32213	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:26158	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:31289	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:31288	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:26147	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:30247	P	Security update for openssl (Low)	2021-09-20
oval:org.opensuse.security:def:26128	P	Security update for postgresql13 (Moderate)	2021-09-16
oval:org.opensuse.security:def:32995	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:32164	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:26103	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:29405	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:26089	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:32956	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:32127	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:42701	P	squid-2.7.STABLE5-2.12.16.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36294	P	squid-2.7.STABLE5-2.12.16.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32108	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:32914	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:33658	P	Security update for dhcp (Important)	2021-06-01
oval:org.opensuse.security:def:26050	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:26047	P	Security update for xen (Important)	2021-05-12
oval:org.opensuse.security:def:32070	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:32064	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:32274	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:26211	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:31742	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:31655	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:32835	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:34336	P	Security update for openssh (Moderate)	2020-12-16
oval:org.opensuse.security:def:32824	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:32003	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:32823	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:35821	P	squid-2.7.STABLE5-2.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36032	P	squid-2.7.STABLE5-2.12.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:33614	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:28825	P	Security update for rpcbind (Moderate)	2020-12-01
oval:org.opensuse.security:def:29168	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:29508	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32746	P	mailman on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31598	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:31954	P	Security update for gstreamer-0_10-plugins-base (Important)	2020-12-01
oval:org.opensuse.security:def:32318	P	Security update for rsync (Moderate)	2020-12-01
oval:org.opensuse.security:def:31498	P	Security update for python-numpy (Important)	2020-12-01
oval:org.opensuse.security:def:31846	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:32514	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33201	P	lxc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33551	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26820	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25383	P	Security update for libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25713	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26995	P	nagios-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25582	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:25866	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26357	P	Security update for enigmail (Important)	2020-12-01
oval:org.opensuse.security:def:25843	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:26420	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:26575	P	krb5-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28894	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:29252	P	Security update for tar (Moderate)	2020-12-01
oval:org.opensuse.security:def:29547	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32785	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31499	P	Security update for python-paramiko (Important)	2020-12-01
oval:org.opensuse.security:def:31808	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32580	P	mozilla-xulrunner191 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31760	P	Security update for MozillaFirefox (Critical)	2020-12-01
oval:org.opensuse.security:def:31978	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32370	P	Recommended update for tboot (Moderate)	2020-12-01
oval:org.opensuse.security:def:32536	P	kdelibs3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33288	P	xalan-j2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33590	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25447	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25797	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:27030	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25593	P	Security update for openvpn (Moderate)	2020-12-01
oval:org.opensuse.security:def:25923	P	Security update for util-linux (Moderate)	2020-12-01
oval:org.opensuse.security:def:26260	P	Security update for Mesa (Moderate)	2020-12-01
oval:org.opensuse.security:def:27257	P	pam_krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25844	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26473	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26619	P	ntp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28813	P	Security update for ppp	2020-12-01
oval:org.opensuse.security:def:29025	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:29565	P	Security update for OpenEXR (Moderate)	2020-12-01
oval:org.opensuse.security:def:32042	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31510	P	Security update for libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31865	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:33218	P	openssh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31761	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32426	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:33445	P	Security update for freetype2	2020-12-01
oval:org.opensuse.security:def:25371	P	Security update for python-ipaddress (Important)	2020-12-01
oval:org.opensuse.security:def:25575	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:25948	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:25657	P	Security update for graphviz (Low)	2020-12-01
oval:org.opensuse.security:def:26007	P	Security update for libid3tag (Moderate)	2020-12-01
oval:org.opensuse.security:def:26299	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27292	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25855	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26522	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28814	P	Security update for procmail	2020-12-01
oval:org.opensuse.security:def:29111	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:29609	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:31506	P	Security update for python27 (Important)	2020-12-01
oval:org.opensuse.security:def:31898	P	Security update for MozillaFirefox, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:31584	P	Security update for tcpdump	2020-12-01
oval:org.opensuse.security:def:31952	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:33257	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31772	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32475	P	Security update for xscreensaver (Moderate)	2020-12-01
oval:org.opensuse.security:def:34296	P	Security update for python27 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33144	P	libdrm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33502	P	Security update for mutt	2020-12-01
oval:org.opensuse.security:def:26785	P	mozilla-xulrunner192 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25372	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:25656	P	Security update for spice-gtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:26001	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:25581	P	Security update for perl-XML-Twig (Moderate)	2020-12-01
oval:org.opensuse.security:def:25785	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26313	P	Security update for python-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:25919	P	Security update for libplist (Moderate)	2020-12-01
oval:org.opensuse.security:def:26269	P	Security update for python3-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:26561	P	gstreamer-0_10-plugins-good on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:12619	P	USN-904-1 -- squid vulnerability	2014-06-30